Altair Healthcare Limited, as a data processor and controller, is responsible overall for demonstrating compliance with data protection legislation and meeting the accountability and transparency obligations within the legislation. All staff have a responsibility to ensure they process personal data in accordance with the data protection principles and other requirements of data protection legislation. Processing means any operation which is performed on personal data or sets of personal data, by automated or manual means such as collecting, recording, organising, storing, adapting, altering, consulting, using, disclosing, combining, restricting, erasing or destroying.
Our Responsibility
Altair shall be responsible for and be able to demonstrate compliance with data protection legislation. We follow the principles of the GDPR in handling personal data, for example, we will:
• Process your data fairly and lawfully, and in a transparent manner.
• Only collect the data we need for that specific purpose and no further processing is done when unnecessary.
• Ensure the data we collect, and process is kept to a minimum where appropriate.
• Do our best to ensure it is accurate and up to date. You can help us by telling us about any change of circumstances.
• Keep it until no longer than necessary.
• Keep and dispose of it securely.
We will only share your personal data with other organisations if it is stated at the point of collection, or if it is necessary to fulfil contractual obligations and duties, or to check accuracy, or to prevent and detect crime. We will not share your personal data with other organisations for commercial purposes.
If you have any concerns or questions, please contact us: admin@altairhealthcare.co.uk
Service users
Types of personal data that we may collect
So that we can provide a safe and professional service, we need to keep certain records about you.
We may process the following types of data:
• Your basic details and contact information e.g. your name, address, date of birth and next of kin.
• Your financial details e.g. details of how you pay us for your care or your funding arrangements.
We also record the following data which is classified as "special category":
• Health and social care data about you, which might include both your physical and mental health data.
• We may also record data about your race, ethnic origin, sexual orientation or religion.
Why we collect your personal data
We need this data so that we can provide high-quality care and support. By law, we need to have a lawful basis for processing your personal data.
We process your data because:
• We have a legal obligation to do so - generally under the Health and Social Care Act 2012 or Mental Capacity Act 2005.
We process your special category data because:
• It is necessary due to social security and social protection law (generally this would be in safeguarding instances);
• It is necessary for us to provide and manage social care services;
• We are required to provide data to our regulator, the Care Quality Commission (CQC), as part of our public interest obligations.
How we collect and use your personal data
We collect your personal data through our website when you voluntarily enter your information in a form on our website or by contacting a service or officer in person, in writing or over the phone.
We collect your personal data when you have given express consent for your data to be used for a specific purpose, or to enable us to perform our contractual obligations to you, to process and deliver your order, to manage payments, fees and charges and debt recovery.
We will hold your personal information for as long as the care package is in place, or we are informed otherwise, either by the data subject themselves (you) or the customer.
Common law duty of confidentiality
In our use of health and care information, we satisfy the common law duty of confidentiality because:
• You have provided us with your consent (either implicitly to provide you with care, or explicitly for other uses)
• We have a legal requirement to collect, share and use the data
• The public interest to collect, share and use the data overrides the public interest served by protecting the duty of confidentiality (for example sharing information with the police to support the detection or prevention of serious crime).
Sharing your personal data
So that we can provide you with high quality care and support we need specific data.
This is collected from or shared with:
1. You or your legal representative(s);
2. Third parties.
We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.
Third parties are organisations we might lawfully share your data with. These include:
• Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, clinical commissioning groups, and other health and care professionals.
• The Local Authority.
• Your family or friends - with your permission.
• Organisations we have a legal obligation to share information with i.e. for safeguarding, the CQC.
• The police or other law enforcement agencies if we must by law or court order.
National data opt-out
We are applying the national data opt-out because we are using confidential patient information for purposes beyond individual care.
The information collected about you when you use health and care services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:
• improving the quality and standards of care provided
• research into the development of new treatments
• preventing illness and diseases
• monitoring safety
• planning services
This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this when allowed by law.
Most of the time, the data used for research and planning is anonymised, so that you cannot be identified and your confidential patient information is not accessed.
You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt out your confidential patient information will still be used to support your individual care.
To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters
You can change your mind about your choice at any time.
Friends and relatives
Types of personal data that we may collect
As part of our work providing high-quality care and support, it might be necessary that we hold the following information on you:
• Your basic details and contact information e.g. your name and address.
Why we collect your personal data
By law, we need to have a lawful basis for processing your personal data.
We process your data because we have a legitimate business interest in holding next of kin and lasting power of attorney information about the individuals who use our service.
We may also process your data with your consent. If we need to ask for your permission, we will offer you a clear choice and ask that you confirm to us that you consent. We will also explain clearly to you what we need the data for and how you can withdraw your consent.
Sharing your personal data
So that we can provide high quality care and support we need specific data. This is collected from or shared with:
1. You or your legal representative(s).
2. Third parties.
We do this face to face, via phone, via email, via our website, via post, via application forms, via apps.
Third parties are organisations we have a legal reason to share your data with. These may include:
• Other parts of the health and care system such as local hospitals, the GP, the pharmacy, social workers, and other health and care professionals.
• The Local Authority.
• The police or other law enforcement agencies if we must by law or court order.
How we store your personal information
Your information is securely stored for the time periods specified in the Records Management Code of Practice. We will then dispose of the information as recommended by the Records Management Code for example we will:
• securely dispose of your information by shredding paper records and wiping hard drives to legal standards of destruction.
• archive your information using an encrypted electronic document archiving systems.
• store any physical documents under lock and key in secure filing cabinets.
Your legal rights
You have the following legal rights in relation to your personal data:
a. Right of access - You have the right to ask us for copies of your personal information.
b. Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
c. Your right to erasure - You have the right to ask that we erase any of your personal data which is no longer necessary for the purpose we originally collected it for. We retain our data in line with the Information Governance Alliance's guidelines
d. Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
e. Your right to object to processing - You have the right to object to processing if we can process your information because the process is in our legitimate interests.
f. Your right to data portability - This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering a contract and the processing is automated.
You may need to provide adequate information for our staff to be able to identify you, for example, a passport or driver's licence. This is to make sure that data is not shared with the wrong person inappropriately. We will always respond to your request as soon as possible and at the latest within one month.
If you would like to complain about how we have dealt with your request, please contact:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
https://ico.org.uk/global/contact-us/
Subject Access Requests
You have the right, under the Data Protection legislation to access any personal information held about you by Altair. You may exercise this right by requesting the information verbally, by phone, or by emailing us at admin@altairhealthcare.co.uk. Any formal subject access request must be responded to within 30 calendar days, or within appropriate additional timescale as laid down by data protection legislation.
Cookie Policy
Our website uses cookies and the information they store to make your online browsing an easier, more enjoyable experience. Cookies are small files stored by your browser on your computer's hard drive and we use them to make it easier for you to access and use our site, and to collect statistical information about how users use our site, and that information will only be used for improving our website. We will seek your express permission to store and retrieve data about your browsing habits, and you may set your browser to disable cookies and firewalls set up on your network to prevent the use of browser cookies.
